PRIVACY Forum Digest Sunday, 27 June 1993 Volume 02 : Issue 21
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Topanga, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.
CONTENTS
Summer Doldrums (Lauren Weinstein; PRIVACY Forum Moderator)
Re: The other side of Clipper (Barry Jaspan)
The other side of Clipper (Bob Leone)
Questions for the Privacy Forum (Ohringer@DOCKMASTER.NCSC.MIL)
Re: USPS NCOA request results (Phil Karn)
USPS NCOA request results (Alan Wexelblat)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com". All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com/".
For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------
VOLUME 02, ISSUE 21
Quote for the day:
"All you of Earth are idiots."
-- Eros (Dudley Manlove)
"Plan 9 From Outer Space" (1959)
----------------------------------------------------------------------
Date: Sun, 27 Jun 93 16:12 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Summer Doldrums
Greetings. We've now entered the "summer doldrums" period for
Internet Digests, where submissions and volume tend to drop
to minimums for the year. So, this is a good time to submit
your own privacy concerns, concepts, horror stories, or other
relevant materials. Remember, privacy is you.
--Lauren--
------------------------------
Date: Sun, 13 Jun 93 11:35:08 EDT
From: "Barry Jaspan" <bjaspan@gza.com>
Subject: Re: The other side of Clipper (padgett@tccslr.dnet.mmc.com)
First, I believe that the tapping capability of Clipper/Capstone
will prevent its ever replacing STU-IIIs and other complex
algoritms for dedicated point-point connections that require
absolute privacy.
Undeniably. The question is who will be able to using STU-IIIs
without causing themselves potential problems. The answer is "the
government, and no one else."
Legislation from the government banning "any
other cryptography" would be impossible to enforce and akin to
trying to stuff knowlege back into Pandora's box. It is just not
going to be happen and the government is intelligent enough not to
take on a losing battle that could just flood the legal system (and
there would be pleanty of floodees).
Since when has a law being impossible to enfoce prevented the
government from enacting it? Consider: speed limits, drug use,
Prohibition. Each of these is (was) a losing battle, and each is
flooding (did flood) the legal system. And yet the governemnt
continues to stand behind impossible laws. Why?
The NSA is not stupid. They know they will be unable to prevent
dedicated people from using strong cryptography. So why bother
mandating Clipper? Because then anyone using strong cryto will be
labelling themself as a criminal, giving law enforcement authority to
arrest them (or just seize their assets) should the desire ever arise.
Barry Jaspan, bjaspan@gza.com
------------------------------
Date: Wed, 16 Jun 1993 11:28:24 -0400
From: Bob Leone <leone@gandalf.ssw.com>
Subject: The other side of Clipper
> Legislation from the government banning "any other cryptography" would
> be impossible to enforce and akin to trying to stuff knowlege back into
> Pandora's box. It is just not going to be happen and the government is
> intelligent enough not to take on a losing battle that could just
> flood the legal system (and there would be pleanty of floodees).
False. There would not be a flood. What would happen, if the govt made
non-Capstone encryption illegal, is that it would be considered prima-facie
evidence of criminal conspiracy (since only a criminal would want his
comm secure against monitoring by law-enforcement agents, right? Sure).
What would then happen is: if the govt wants to monitor you, and you use
non-Capstone, then they nail you. Make the penalties heavy enough, and
they don't really need to prove any of the charges they wanted to
monitor you for. After a few well-publicized cases, not too many people
will use non-Capstone encryption.
Bob Leone (leone@gandalf.ssw.com)
(The opinions expressed are my own.)
------------------------------
Date: Fri, 18 Jun 93 22:27 EDT
From: Ohringer@DOCKMASTER.NCSC.MIL
Subject: Questions for the Privacy Forum
An organization is planning to use the last four digits of employees
Social Security Numbers as part of a scheme for assigning computer
passwords. I am not asking about the security aspects of this, but am
wondering about the privacy implications. Is there anything particular
that needs to be considered about the last four digits as apposed to
four other digits? Is this an acceptable use of (part of) social
security numbers? Would it matter if the last nine digits (all of) or
the last one digit were used? What precedents exist for allowing or
prohibiting such use? What precedent is set by this proposed use?
I look forward to reading how readers would react if they faced such a
proposal.
------------------------------
Date: Mon, 21 Jun 93 13:20:08 -0700
From: Phil Karn <karn@unix.ka9q.ampr.org>
Subject: Re: USPS NCOA request results
I can personally attest to the popularity of the USPS change of
address database.
Having moved twice in the past two years (first from New Jersey to a
rented house in San Diego, and again a year later within San Diego
when I bought a house), I had a chance to try out a trick suggested by
a local friend. Whenever I gave my new mailing address to someone, I
added a unique, bogus "apartment number" to keep track of how far that
particular copy of my address propagated.
It was hardly worth the effort. The vast majority of junk mail I
began to receive at each new address came with "#P", the code I had
added to the USPS change-of-address form. It even appears on my
address in the ham radio ARRL Repeater Directory listing for members
of the ARRL Future Systems Committee, of which I am a member. The
information you put on those harmless-looking little cards goes
everywhere.
And since I bought a house last August, another major source of junk
mail without a code has appeared that clearly uses the public real
estate records at the county clerk's office. It seems to go in cycles.
First were all the solicitations from burglar alarm, carpet and
drapery companies. Then it was "let us help you file your homestead
exemption". Now it's mortgage insurance and mortgage refinancing.
The moral is clear: if you want to disappear, don't file a change of
address form with the USPS, and don't buy a house. :-)
Phil
------------------------------
Date: Thu, 24 Jun 93 11:29:04 -0400
From: "Alan (Gesture Man) Wexelblat" <wex@media.mit.edu>
Subject: USPS NCOA request results
I, like Steve Peterson, received a thick bundle of dead trees from the USPS
asserting that any and all of the companies listed (several thousand names)
might have received my change-of-address.
Interestingly, the USPS also claims that only those companies that "already
had my address" could have gotten the new one. I don't see how they could
assert this unless they're denying that they ever sold the list of
people-who-changed-addresses.
Just another data point...
--Alan Wexelblat, Reality Hacker and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex@media.mit.edu
Voice: 617-258-9168, Pager: 617-945-1842 wexelblat.chi@xerox.com
------------------------------
End of PRIVACY Forum Digest 02.21
************************